When computer hardware vendors provide complete technical documentation for their products, operating system developers are able to write hardware device drivers to be included in the operating system kernels. However, some vendors, such as NVIDIA, do not provide complete documentation for some of their products and instead provide binary-only drivers (binary blobs); this practice is most common for accelerated graphics drivers, networking devices and RAID controllers.

Contents

Acceptance

When they can get neither hardware documentation nor device driver source code from a hardware vendor, some operating system projects, including NetBSD, FreeBSD, DragonFly BSD, and most GNU/Linux distributions, accept binary blobs as a fast route to the missing or enhanced functionality these blobs provide.[1]

The OpenBSD project has a notable policy of not accepting any binary blobs into its source tree, citing not only the potential for undetectable or irreparable security flaws but also its encroachment onto the openness and freedom of its software.[2]

Problems

There are a number of reasons why binary blobs can cause problems: users cannot modify the software and distribute modified versions; blobs are unportable and typically limited to a few hardware architectures; the correctness of the driver code cannot be checked; the code cannot be audited for security by users or third parties; users are forced to trust vendors not to put backdoors and spyware into the blob; in case of bugs or vulnerabilities, the driver cannot be repaired by operating system developers; and the hardware vendor can decide not to support some operating systems or to abandon driver maintenance at any time.[4]

Firmware

Firmware, the operating software required by a device's onboard microcontroller that accompanies some hardware, is generally not considered to be a binary blob. However, the FSF has begun campaigning for free BIOS firmware.[5] Often firmware is stored in onboard flash memory, but to decrease costs and ease upgrading, some manufacturers now use external firmware uploaded by the operating system. Although the firmware is present in the operating system, it is merely copied to the device and not executed by the CPU, lessening concerns about hidden security flaws. The OpenBSD project accepts binary firmware images and will redistribute the images if the licence permits.[6]